Posted by Maxim Vexler on 02/12/06 01:32

Hello

I'm looking for reading materials to educate myself on the security
measures that should be taken to build a secure web site.

What I'm referring to is web sites like the following :
1. http://www.securiteam.com/securityreviews/5DP0N1P76E.html
2. http://www.unixwiz.net/techtips/sql-injection.html
3. http://www.cgisecurity.com/articles/xss-faq.shtml

That would demonstrate to me real "bad" code and the way it can be
exploited on my site.

A references to bugzilla / mailing lists of open source projects to
learn from them how to apply security would also be great IMHO.

The main security concern I seem to be unable to find good
documentations are:

1. SQL injection in the Unicode character maps; possibly a table that
would summarize all the characters to avoid / filter out from web
forms.
2. (in)Correct usage of php functions.


I know my question is general and yet I would very much appreciate
references / recommendation on reading material, as learning by trial &
error in the security field is not an option.


Thank you very much.

Cheers,
Maxim Vexler.


--

Do u GNU ?

[Back to original message]